About sthscadmin

If we want to put Proxy in DMZ wouldn't it be better to give Proxy just one interface which connects to PA int4 and allow/forward traffic between the internal and Proxy networks/zones through the PA. This way I think there will be better control over internal users going out (I mean user-id, app-id, all sort of filterings and monitorings done by the PA) Thanks Vaughan ... View more

Hi All, We are having two ISPs for our internet and PBF is configured and working fine. We want to put a proxy solution in place for caching (TMG) but not sure where to put it. If I place proxy outside the firewall in a different zone then how it is going to switch between the two lines. Thanks   ... View more

Hi I'm getting the same error messages (auth-fail) in System logs. The error messages are for users trying Captive Portal to get out to the Internet. I'm using Kerberos as Authentication profile for my Captive Portal settings. I'm sure the usernames and passwords are correct. Any idea? Thanks ... View more

Hi Stefan, SSL is unchecked. It was all working good before we updated from PAN-OS 4.1.6 to 4.1.7 then it stopped working. Have updated to 4.1.8 but still no luck. Next I'm going to try is to create new Global Security groups and apply rules to those new groups and see how it goes. Have tried with both Universal and Global groups but ....no change. Thanks Vaughan ... View more

Hi, We have a PA-500 in a single forest single domain environment and have installed UIA on one of our DCs. Problem is user-id is not working in Security policies and the PA box does not recognise group membership. Thing I would like to check with you guys are: -Port number for LDAP server profile which is 389 -User-id agent port; we are using 5007. Should we use another port? Also show user group name "domain\domain admins" results in the following message: User group 'domain\domain admins' does not exist or does not have members Any idea? ... View more